Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Over the past while, when I have run a regularly scheduled scan with my McAfee program, the scan is stalling at about 66 or 67% and nearly locking up my computer. The scan always seems to stall as it scans a particular file:

windows\$hf_mig$\KB911562\spuninst.exe

Calling McAfee about the problem was no help and they suggested I subscribe to their paid service (naturally) to help me more. Any help anyone can give me here to try to remedy this situation (in the event I have some malware installed) would be greatly appreciated.

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our
Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select AllClick the Empty Selected button. (If you use FireFox or the Opera browser,To keep saved passwords, click No at the prompt.)Click Exit on the Main menu to close the program.

NEXTDownload and Run: RSIT

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSIT.exe to run RSIT.

Click Continue at the disclaimer screen.

Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks for the help so far. I read the P2P policy before I first posted. Guess I forgot I even had Vuze. I don't think I have ever used it. It is uninstalled now. As are the other programs you listed. Here is the log file:

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Thanks for the help so far. I read the P2P policy before I first posted. Guess I forgot I even had Vuze. I don't think I have ever used it. It is uninstalled now. As are the other programs you listed. Here is the log file:

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

The E: drive was probably due to the fact that my Blackberry was plugged into the computer and charging when I ran that particular program. I believe the card in the phone shows up as drive E:. I just looked at "My Computer" without the phone attached and there is no E: drive showing.

In regard to McAfee, I have never had anything attached to the computer while it was scanning, to my recollection. What is odd is that ONE scan completed normally several attempts ago. All the other attempts since then have resulted in the scan hanging at that particular "KB" file.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: D1VHYY91Event Code: 1517Message: Windows saved user D1VHYY91\Steppie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

I would like to start this post of by saying there could be a hardware issue involved. According to RSIT log, your hard drive D: might have bad sectors. Once we have finished cleaning the Malware you might be better served asking at a forum that specializes in Hardware issues.

Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.

Click the red Moveit! button.

Copy everything in the Results window (under the green bar), and paste it in your next reply.

Close OTM.exe

This next step is your choice. The below items I am getting you to fix with HJT are for programs that do not need to start up when you turn your computer on. Doing the below step WILL NOT UNINSTALL these programs ONLY stop them from running at startup. All will be available when you need them. The bonus is it will make your startup time a bit shorter

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.